Control devices are used in control systems for industrial applications. These control devices are known as embedded control devices. A complex overall system may be constructed by networking a plurality of embedded individual systems, or so-called embedded systems. So-called systems on chip (SoC) are often used to implement embedded systems. A system on chip often contains a main processor unit, or central processing unit (CPU), and an integrated digital circuit in which a logic circuit can be configured or programmed, a so-called field programmable gate array (FPGA). Different functions are therefore integrated in a semiconductor circuit in the system on chip. Memories, for example random access memories (RAM), flash memories, or electrically erasable programmable read-only memories (EEPROM), are often implemented as separate modules, but it is likewise possible to integrate them. A main processor unit may be provided as a fixed functional unit of a system on chip in the form of a so-called hard core. It is likewise possible to implement a main processor unit as configurable logic, as part of the configurable logic circuit, that is to say in the form of a so-called soft core.
To execute a program, a processor (e.g., the main processor unit) runs software (e.g., embedded Linux).
Cryptographic key material is used for numerous applications in which a program is executed by a processor of a system on chip or of a digital circuit area. This may be required by security or safety requirements, in particular.
Storing cryptographic keys as part of the software, or as part of configuration data for the software, is a known practice. The key material, however, is scarcely protected in these cases. A key may be concealed in a software environment using so-called white box cryptography methods. However, the software as such may be easily attacked, read, or manipulated. The key material is therefore not very well protected against attacks.
It is also known to provide a chip with a so-called companion chip that carries out authentication. Cryptographic calculations are used to check the authorization of a chip, for example, in order to detect a replica or an unauthorized copy of the chip or to prevent unauthorized access. The companion chip is an external, that is to say physically separate, authentication chip. The data interface between the chip and the companion chip is therefore easily accessible to an attacker, and communication may be easily intercepted or manipulated.
External authentication chips may carry out a key derivation that provides a key from desired input parameters on request.
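The companion-chip arrangement described in the last two paragraphs, modelled as an added sketch that is not part of the original text: the root key stays inside the external chip, but every derived key crosses the accessible data interface. The class names, the parameter encoding, and the choice of HMAC-SHA256 as the derivation function are assumptions made for illustration.

```python
import hashlib
import hmac


def encode_params(purpose: str, device_id: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") differ on the wire.
    fields = (purpose.encode(), device_id.encode())
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


class CompanionChip:
    """Hypothetical model of an external authentication chip."""
    def __init__(self, root_key: bytes):
        self._root_key = root_key  # stays inside the chip

    def handle(self, request: bytes) -> bytes:
        # Assumed derivation: HMAC-SHA256 keyed with the root key over the
        # caller's input parameters (the text does not name a function).
        return hmac.new(self._root_key, request, hashlib.sha256).digest()


class ExternalBus:
    """The chip-to-chip data interface; a probe on it records every transfer."""
    def __init__(self, chip: CompanionChip):
        self._chip = chip
        self.trace = []  # (request, response) pairs as seen on the interface

    def derive(self, purpose: str, device_id: str) -> bytes:
        request = encode_params(purpose, device_id)
        response = self._chip.handle(request)
        self.trace.append((request, response))
        return response


def exposure_report(bus: ExternalBus, root_key: bytes) -> dict:
    """Summarise what the recorded interface traffic reveals."""
    seen = b"".join(req + resp for req, resp in bus.trace)
    return {
        "root_key_on_bus": root_key in seen,
        "derived_keys_on_bus": [resp.hex() for _, resp in bus.trace],
    }


if __name__ == "__main__":
    root = bytes(range(32))  # constructed sample root key
    bus = ExternalBus(CompanionChip(root))
    bus.derive("firmware-decrypt", "unit-0001")
    print(exposure_report(bus, root))
```

The report shows the weakness the text points to: keeping the root key in a separate chip does not protect the working keys, because each one is returned over the interface in the clear.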